[jira] [Updated] (FLUME-1549) Website should document encryption

["Ferenc Szabo (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/FLUME-1549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ferenc Szabo updated FLUME-1549:
--------------------------------
    Fix Version/s: notrack

> Website should document encryption
> ----------------------------------
>
>                 Key: FLUME-1549
>                 URL: https://issues.apache.org/jira/browse/FLUME-1549
>             Project: Flume
>          Issue Type: Improvement
>          Components: Docs
>            Reporter: Brock Noland
>            Assignee: Brock Noland
>            Priority: Major
>             Fix For: notrack
>
>
> This is from the RB
> {noformat}
> Below is some sample configuration:
> Generating a key with a password seperate from the key store password:
>     keytool -genseckey -alias key-0 -keypass keyPassword -keyalg AES \
>       -keysize 128 -validity 9000 -keystore test.keystore \
>       -storetype jceks -storepass keyStorePassword
> Generating a key with the password the same as the key store password:      
>     keytool -genseckey -alias key-1 -keyalg AES -keysize 128 -validity 9000 \
>       -keystore src/test/resources/test.keystore -storetype jceks \
>       -storepass keyStorePassword
>       
> agent.channels.ch-0.encryption.keyAlias = key-0
> agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
> agent.channels.ch-0.encryption.keyProvider = key-provider-0
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = /path/to/my.keystore
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile = /path/to/my.keystore.password
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0
> Let's say you have aged key-0 out and new files should be encrypted with key-1:
> agent.channels.ch-0.encryption.keyAlias = key-1
> agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
> agent.channels.ch-0.encryption.keyProvider = key-provider-0
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = /path/to/my.keystore
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile = /path/to/my.keystore.password
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0 key-1
> The same scenerio as above, however key-0 has it's own password:
> agent.channels.ch-0.encryption.keyAlias = key-1
> agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
> agent.channels.ch-0.encryption.keyProvider = key-provider-0
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = /path/to/my.keystore
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile = /path/to/my.keystore.password
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0 key-1
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys.key-0.passwordFile = /path/to/key-0.password
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@flume.apache.org
For additional commands, e-mail: issues-help@flume.apache.org